﻿<html DIR="LTR" xmlns:tool="http://www.microsoft.com/tooltip" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ddue="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
  <head>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8" />
    <META NAME="save" CONTENT="history" />
    <title>Security Extension Sample</title>
    
 <Style TYPE="text/css">

body
{
    background: #FFFFFF;
    color: #000000;
    font-family:    Verdana;
    font-size: medium;
    font-style: normal;
    font-weight: normal;
    margin-top: 0;
    margin-bottom:  0;
    margin-left:    0;
    margin-right:   0;
    width:  100%;
}

div.#mainSection
{
    font-size: 70%;
    width: 100%;
    padding-left:    10;
    margin-right: 10;
}

div.#mainBody
{
    font-size: 90%;
    margin-top: 10;
    padding-bottom: 20;
}

div.#header
{
    background-color: #D2D2D2;
    padding-top:    0;
    padding-bottom: 0;
    padding-left:   10;
    padding-right:  0;
    width:          100%;
}

div.#header table
{
    border-bottom-color: #C8CDDE;
    border-bottom-style: solid;
    border-bottom-width: 1;
    width:  100%;
}

span.#runningHeaderText
{
    color: #003399;
    font-size: 90%;
}

span.#nsrTitle
{
/*    color: #003399;*/
    font-size: 120%;
    font-weight: 600;
}

div.#header table td
{
    color: #000000;
    font-size: 70%;
    margin-top: 0;
    margin-bottom:  0;
    padding-right: 20;
}

div.#header table tr.#headerTableRow3 td
{
    padding-bottom: 2;
    padding-top: 5;
}

div.#header table.#bottomTable
{
    border-top-color: #FFFFFF;
    border-top-style: solid;
    border-top-width: 1;
    text-align: left;
}

div.#footer
{
    font-size: 90%;
    margin-top: 0;
    margin-bottom:  0;
    margin-left:    -5;
    margin-right:   0;
    padding-top:    2;
    padding-bottom: 2;
    padding-left:   0;
    padding-right:  0;
    width:  100%;
}

hr.#footerHR
{
    border-bottom-color: #EEEEFF;
    border-bottom-style: solid;
    border-bottom-width: 1;
    border-top-color: C8CDDE;
    border-top-style: solid;
    border-top-width: 1;
    height: 3;
    color: #D2D2D2;
}

div.section
{
    padding-top:    2;
    padding-bottom: 2;
    padding-right:  15;
    width:  100%;
}

.heading
{
    color:          #000000;
    font-weight:    bold;
    margin-top:     18;
    margin-bottom:  8;
}

h1.heading
{
    color: #000000;
    font-size:  150%;
}

.subHeading
{
    color:          #000000;
    font-weight:    bold;
    font-size:      150%;
    margin-bottom:  4;
}

h2.subHeading
{
    color:          #000000;
    font-weight:    bold;
    font-size:      130%;
}
h3.subHeading
{
    color:  #000000;
    font-size: 125%;
    font-weight: bold;
}

h4.subHeading
{
    color: #000000;
    font-size: 110%;
    font-weight: bold;
}

h4.procedureHeading
{
    color: #000080;
    font-size: 110%;
    font-weight: bold;
}

h5.subHeading
{
    color: #000000;
    font-size: 100%;
    font-weight: bold;
}

img
{
    padding-bottom: 10;
}

img.toggle
{
    border: 0;
    margin-right: 5;
    padding-bottom: 10;
}

img.copyCodeImage
{
    border: 0;
    margin: 1;
    margin-right: 3;
    padding-bottom: 10;
}

img.downloadCodeImage
{
    border: 0;
    margin-right: 3;
    padding-bottom: 10;
}

img.viewCodeImage
{
    border: 0;
    margin-right: 3;
    padding-bottom: 10;
}

img.note
{
    border: 0;
    margin-right: 3;
    padding-bottom: 10;
}

img.#membersOptionsFilterImage
{
    border: 0;
    margin-left: 10;
    vertical-align: middle;
    padding-bottom: 10;
}

img.#toggleAllImage
{
    margin-left: 4;
    vertical-align: middle;
    padding-bottom: 10;
}

div.#mainSection table
{
    border: 0;
    font-size: 100%;
    width:  100%;
    margin-top: 5px;
    margin-bottom: 15px;
}

div.#mainSection table tr
{
    vertical-align: top;
}

div.#mainSection table th
{
    text-align: left;
    background: #D8D8D8;
    border-bottom-color: #D8D8D8;
    border-bottom-style: solid;
    border-bottom-width: 1;
    color: #000000;
    padding-left: 5;
    padding-right: 5;
}

div.#mainSection table td
{
    background: #F2F2F2;
    border-top-color: #D8D8D8;
    border-top-style: solid;
    border-top-width: 1;
    padding-left: 5;
    padding-right: 5;
}

div.#mainSection table td.imageCell
{
    white-space: nowrap;
}

div.code
{
	width: 98%;
}

div.code table
{
    border: 0;
    font-size: 95%;
    margin-bottom: 5;
    width: 100%
}

div.code table th
{   
    text-align: left;
    background: #D8D8D8;
    border-bottom-color: #D8D8D8;
    border-bottom-style: solid;
    border-bottom-width: 1;
    color: #000000;
    font-weight: bold;
    padding-left: 5;
    padding-right: 5;
}

div.code table td
{
    background: #CCCCCC;
    border-top-color: #D8D8D8;
    border-top-style: solid;
    border-top-width: 1;
    padding-left: 5;
    padding-right: 5;
    padding-top: 5;
}

div.alert
{
	margin-left: 10;
	width: 98%;
}

div.alert table
{
    border: 1;
    font-size: 100%;
    width:  100%;
    border: solid 1 #DEDFEF;
}

div.alert table th
{
    text-align: left;
    background: #D8D8D8;
    border-bottom-width: 0;
    color: #000000;
    padding-left: 5;
    padding-right: 5;
    border: solid 1 #DEDFEF;
}

div.alert table td
{
    background: #FFFFFF;
    border-top-color: #D8D8D8;
    border-top-style: solid;
    border-top-width: 1;
    padding-left: 5;
    padding-right: 5;
    border: solid 1 #DEDFEF;
}

span.copyCode
{
    color: #0000ff;
    font-size: 90%;
    font-weight: normal;
    cursor: hand;
    float: right;
    display: inline;
    text-align: right;
}

.downloadCode
{
    color: #0000ff;
    font-size: 90%;
    font-weight: normal;
    cursor: hand;
}

.viewCode
{
    color: #0000ff;
    font-size: 90%;
    font-weight: normal;
    cursor: hand;
}

div.code pre
{
    font-family:    Monospace, Courier New, Courier;
    font-size: 105%;
    color:  #000000;
}

code
{
    font-family:    Monospace, Courier New, Courier;
    font-size: 105%;
    color:  #000000;
}

dl
{
    margin-top: 0;
    padding-left:   1;
}

dd
{
    margin-bottom:  0;
    margin-left:    0;
    padding-left:   20;
}

dd p
{
    margin-top: 5;
}

ul
{
    margin-left: 17;
    list-style-type: disc;
}

ul ul
{
    margin-bottom: 4;
    margin-left: 17;
    margin-top: 3;
    list-style-type: disc;
}

ol
{
    margin-left: 24;
    list-style-type: decimal;
}

ol ol
{
    margin-left: 24;
    margin-top: 3;
    list-style-type: lower-alpha;
}

li
{
    margin-top: 0;
    margin-bottom: 0;
    padding-bottom: 0;
    padding-top: 0;
    margin-left: 5;
}

p
{
    margin-bottom: 15;
}

.tip
{
    color:  #0000FF;
    font-style: italic;
    cursor:hand;
    text-decoration:underline;
}

.math
{
    font-family: Times New Roman;
    font-size: 125%
}
.sourceCodeList
{
    font-family: Verdana;
    font-size: 90%; 
}

pre.viewCode
{
    width: 100%;
    overflow: auto;
}

li:hover table, li.over table
{
    background-color: #C0C0C0;
}

li:hover ul, li.over ul
{ 
    background-color: #d2d2d2;
    border: 1px solid #000;
    display: block;
}

</style>
  </head>
  <body>
    <!--Topic built:6/21/2007-->

    <div id="header">
      <table width="100%" id="topTable">
        <tr>
          <td align="left">
            <span id="nsrTitle">Security Extension Sample</span>
          </td>
          
              
        </tr>
      </table>
      </div>
    <div id="mainSection">
      <div id="mainBody">

        <font color="DarkGray">[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.] </font><p /> 
        <span id="changeHistory">
        </span>
    <p>This sample currently works only with SQL Server 2005. Future support for SQL Server 2008 will be added in a later CTP. It will not work with any version of SQL Server earlier than SQL Server 2005.</p>
    <p>The CustomSecurity sample security extension uses Forms Authentication along with SQL Server to provide a custom security model that works with Reporting Services. This sample is not supported on Itanium-based operating systems.</p>
    <p>The SQL Server samples are not installed automatically during setup. For instructions about how to install the samples, see <a href="http://go.microsoft.com/fwlink/?LinkId=67739" alt=""><linkText xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">Installing Samples</linkText></a>.</p>
    <div class="alert"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left">Security Note: </th></tr><tr><td>
      The security extension sample should not be deployed and tested in a production environment. Reverting back to Windows Authentication after migrating to a different security extension is generally not recommended. If you do, you may experience errors when you attempt to access items in the report server database that have custom security descriptors, but no Windows Authentication security descriptors. To revert, you will have to reinstall Reporting Services and manually re-apply any role-based security for your Windows users. Before using this sample, you should backup your configuration files.<p></p>
    </td></tr></table><p></p></div>
    <div class="alert"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left">Important: </th></tr><tr><td>
      Samples are provided for educational purposes only. They are not intended to be used in a production environment and have not been tested in a production environment. Microsoft does not provide technical support for these samples. Sample applications and assemblies should not be connected to or used with your production SQL Server database or your report server without the permission of the system administrator. Microsoft does not provide technical support for these samples. Sample applications and assemblies should not be connected to or used with your production SQL Server database or your report server without the permission of the system administrator. <p></p>
    </td></tr></table><p></p></div>
  <h1 class="heading">Requirements</h1><div id="requirementsSection" class="section">
    <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">You should be familiar with Visual Studio and either Visual C# or Visual Basic and you must have the following applications installed to run the CustomSecurity sample: </p>
      <ul xmlns=""><li>
          
            Microsoft Visual Studio 2005 or compatible development environment (for viewing the project files).<br></br>
        </li><li>
          
            Microsoft .NET Framework 2.0.<br></br>
        </li><li>
          
            SQL Server, including Reporting Services.<br></br>
        </li><li>
          
            Reporting Services samples. <br></br>
        </li><li>
          A report server that you have permission to access on your network, if you plan to use the sample extension to add additional data processing functionality to your server.<br></br>
        </li></ul>
    </content>
  </div><h1 class="heading">Location</h1><div id="sectionSection0" class="section"><content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">This sample is located by default at:</p>
      <p xmlns="">
        C:\Program Files\Microsoft SQL Server\100\Samples\Reporting Services\
        <code>Extension Samples\FormsAuthentication Sample</code>
      </p>
    </content></div><h1 class="heading">Building the Sample</h1><div id="sectionSection1" class="section"><content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">You must first compile and install the extension. The procedure assumes that you have installed Reporting Services to the default location: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services. This location will be referred to throughout the remainder of this topic as &lt;<i>install</i>&gt;.</p>
      <ol xmlns=""><li>
          
          <br></br>
        </li></ol>
      <p xmlns="">
        	
	<p>If you have not already created a strong name key file, generate the key file using the following instructions.</p>
	<h4 class="procedureHeading">
	
	To generate a strong name key file
	</h4>
	<div id="procedureSectionEDBDBHA" class="section">
	<ol>
	<li>Open a Microsoft Visual Studio 2005 command prompt. Click <b>Start</b>, point to <b>All Programs</b>, point to <b>Microsoft .NET Framework SDK 2.0</b>, and then click <b>SDK Command Prompt</b>.<p>-- or --</p>
	<p>Open a Microsoft .NET Framework command prompt. Click <b>Start</b>, point to <b>All Programs</b>, point to <b>Microsoft .NET Framework SDK 2.0</b>, and then click <b>SDK Command Prompt</b>.</p>
	</li>
	<li>Use the change directory command (CD) to change the current directory of the command prompt window to the folder where the samples are installed.<div class="alert">
	<table width="100%" cellspacing="0" cellpadding="0">
	<tr>
	<th align="left">
	Note:</th>
	</tr>
	<tr>
	<td>To determine the folder where samples are located, click the <b>Start</b> button, point to <b>All Programs</b>, point to <b>Microsoft SQL Server</b>, point to <b>Documentation and Tutorials</b>, and then click <b>Samples Directory</b>. If the default installation location was used, the samples are located in &lt;system_drive&gt;:\Program Files\Microsoft SQL Server\100\Samples.
	</td>
	</tr>
	</table>
	</div>
	</li>
	<li>At the command prompt, run the following command to generate the key file:<p>
	<code>sn -k SampleKey.snk</code>
	</p>
	<div class="alert">
	<table width="100%" cellspacing="0" cellpadding="0">
	<tr>
	<th align="left">
	Important:</th>
	</tr>
	<tr>
	<td>For more information about the strong-name key pair, see "Security Briefs: Strong Names and Security in the .NET Framework" in the .NET Development Center on MSDN.</td>
	</tr>
	</table>
	</div>
	</li>
	</ol>
	</div>

      </p>
      <h4 class="procedureHeading" xmlns="">To compile the sample using Visual Studio 2005</h4><div id="procedureSectionEBBRBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open CustomSecurity.sln in Microsoft Visual Studio 2005. If you installed the sample to the default location, you can access it at C:\Program Files\Microsoft SQL Server\100\Samples\Reporting Services\Extensions. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">In Solution Explorer, select the <b>CustomSecurity</b> project. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">On the <b>Project</b> menu, click <b>Add Reference</b>. </p>
              <p xmlns="">The <b>Add References</b> dialog box opens. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Click the <b>.NET</b> tab. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Click <b>Browse</b>, and find Microsoft.ReportingServices.Interfaces on your local drive. By default, the assembly is located in the &lt;<i>install</i>&gt;\ReportServer\bin directory. Click <b>OK</b>. </p>
              <p xmlns="">The selected reference is added to your project. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">On the <b>Build</b> menu, click <b>Build Solution</b>.  </p>
            </content>
          </li></ol></div>
    </content></div><h1 class="heading">Deploying the Sample</h1><div id="sectionSection2" class="section"><content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">After the sample is compiled, you must copy the DLLs and the ASPX pages to the appropriate subdirectories for your Report Server installation.</p>
      <h4 class="procedureHeading" xmlns="">To deploy the sample</h4><div id="procedureSectionEVBPBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Copy Microsoft.Samples.ReportingServices.CustomSecurity.dll and Microsoft.Samples.ReportingServices.CustomSecurity.pdb to the &lt;<i>install</i>&gt;\ReportServer\bin directory. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Copy Microsoft.Samples.ReportingServices.CustomSecurity.dll and Microsoft.Samples.ReportingServices.CustomSecurity.pdb to the &lt;<i>install</i>&gt;\ReportManager\bin directory. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Copy the Logon.aspx page to the &lt;<i>install</i>&gt;\ReportServer directory and copy the UILogon.aspx page to the &lt;<i>install</i>&gt;\ReportManager\Pages directory. </p>
            </content>
          </li></ol></div>
      <p xmlns="">After the assembly and logon pages are copied to the server, you need to make some modifications to the Report Server configuration file.</p>
      <div class="alert" xmlns=""><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left">Important: </th></tr><tr><td>
        Make backup copies of al of your configuration files before making any changes.<p></p>
      </td></tr></table><p></p></div>
      <h4 class="procedureHeading" xmlns="">To modify the RSReportServer.config file </h4><div id="procedureSectionEPBPBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open the RSReportServer.config file with Visual Studio 2005 or a simple text editor such as Notepad. RSReportServer.config is located in the &lt;<i>install</i>&gt;\ReportServer directory. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Locate the &lt;<b>Security</b>&gt; and &lt;<b>Authentication</b>&gt; elements and modify the settings as follows: </p>
              <div class="code" xmlns=""><span codeLanguage="other"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left"></th></tr><tr><td colspan="2"><pre>&lt;Security&gt;
   &lt;Extension Name="Forms" 
Type="Microsoft.Samples.ReportingServices.CustomSecurity.Authorization, 
Microsoft.Samples.ReportingServices.CustomSecurity" &gt;
      &lt;Configuration&gt;
         &lt;AdminConfiguration&gt;
            &lt;UserName&gt;username&lt;/UserName&gt;
         &lt;/AdminConfiguration&gt;
      &lt;/Configuration&gt;
   &lt;/Extension&gt;
&lt;/Security&gt;
&lt;Authentication&gt;
   &lt;Extension Name="Forms" 
Type="Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationExtension,
 Microsoft.Samples.ReportingServices.CustomSecurity" /&gt;
&lt;/Authentication&gt;</pre></td></tr></table></span></div>
              <p xmlns="">
              </p>
              <p xmlns="">For more information regarding .NET Framework security and Reporting Services, see <b>Understanding Code Access Security in Reporting Services</b>. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Locate the &lt;UI&gt; element and update it as follows: </p>
              <div class="code" xmlns=""><span codeLanguage="other"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left"></th></tr><tr><td colspan="2"><pre>&lt;UI&gt;
   &lt;CustomAuthenticationUI&gt;
      &lt;loginUrl&gt;/Pages/UILogon.aspx&lt;/loginUrl&gt;
         &lt;UseSSL&gt;True&lt;/UseSSL&gt;
   &lt;/CustomAuthenticationUI&gt;
   &lt;ReportServerUrl&gt;http://&lt;server&gt;/ReportServer&lt;/ReportServerUrl&gt;
&lt;/UI&gt;</pre></td></tr></table></span></div>
              <p xmlns="">
                <b>Note</b>   If you are running the sample security extension in a development environment that does not have a Secure Sockets Layer (SSL) certificate installed, you must change the value of the <b>&lt;</b><b>UseSSL</b><b>&gt;</b> element to <b>False</b> in the previous configuration entry. We recommend that you always use SSL when combining Reporting Services with Forms Authentication. </p>
            </content>
          </li></ol></div>
      <p xmlns="">You will need to add a code group for your custom security extension that grants FullTrust permission for your extension. You do this by adding the code group to the rssrvpolicy.config file.</p>
      <h4 class="procedureHeading" xmlns="">To modify the RSSrvPolicy.config file </h4><div id="procedureSectionELBPBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open the rssrvpolicy.config file located the &lt;install&gt;\ReportServer directory.</p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Locate the existing code group in the security policy file that has a URL membership of $CodeGen as indicated below and then add an entry as follows to the rssrvpolicy.config</p>
              <div class="alert" xmlns=""><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left">Note: </th></tr><tr><td>
                If you have Analysis Services installed, you will need to change <code>Url="C:\Program Files\Microsoft SQL Server\</code><code><b>MSSQL.2</b></code><code>\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.CustomSecurity.dll</code> to <code><b>MSSQL.3</b></code>.<p></p>
              </td></tr></table><p></p></div>
              <div class="code" xmlns=""><span codeLanguage="other"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left"></th></tr><tr><td colspan="2"><pre>&lt;CodeGroup
   class="UnionCodeGroup"
   version="1"
   PermissionSetName="FullTrust"&gt;
   &lt;IMembershipCondition 
      class="UrlMembershipCondition"
      version="1"
      Url="$CodeGen$/*"
   /&gt;
&lt;/CodeGroup&gt;
&lt;CodeGroup
   class="UnionCodeGroup"
   version="1"
   Name="SecurityExtensionCodeGroup"
   Description="Code group for the sample security extension"
   PermissionSetName="FullTrust"&gt;
   &lt;IMembershipCondition 
      class="UrlMembershipCondition"
      version="1"
      Url="C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.CustomSecurity.dll"
   /&gt;
&lt;/CodeGroup&gt;</pre></td></tr></table></span></div>
            </content>
          </li></ol>
          <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
            <div class="alert" xmlns=""><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left">Note: </th></tr><tr><td>
              For simplicity, the Forms Authentication Sample is weak-named and requires a simple URL membership entry in the security policy files. In your production security extension implementation, you should create strong-named assemblies and use the strong name membership condition when adding security policies for your assembly. For more information about strong-named assemblies, see the <a href="http://go.microsoft.com/fwlink/?LinkId=49255" alt=""><linkText xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">Creating and Using Strong-Named Assemblies</linkText></a> topic on MSDN.<p></p>
            </td></tr></table><p></p></div>
          </content>
        </div>
      <p xmlns="">Next, you will need to increase the permissions for the "My Computer" code group in the Report Manager policy file.</p>
      <h4 class="procedureHeading" xmlns="">To modify the RSMgrPolicy.config file </h4><div id="procedureSectionEHBPBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open the Report Manager policy file, rsmgrpolicy.config, located in the &lt;<i>install</i>&gt;\ReportManager directory.</p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Locate the following code group in rsmgrpolicy.config and change the <b>PermissionSetName</b> attribute from <b>Execution</b> to <b>FullTrust</b> as follows:</p>
              <div class="code" xmlns=""><span codeLanguage="other"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left"></th></tr><tr><td colspan="2"><pre>&lt;CodeGroup 
        class="FirstMatchCodeGroup" 
        version="1" 
        PermissionSetName="FullTrust"
        Description="This code group grants MyComputer code Execution 
permission. "&gt;
    &lt;IMembershipCondition 
            class="ZoneMembershipCondition"
            version="1"
            Zone="MyComputer" /&gt;</pre></td></tr></table></span></div>
            </content>
          </li></ol></div>
      <p xmlns="">To use Forms Authentication, you need to modify the Web.config files for Report Manager and Report Server to change the authentication mode and disable impersonation.</p>
      <h4 class="procedureHeading" xmlns="">To modify the Web.config file for Report Server</h4><div id="procedureSectionEDBPBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open the Web.config file in a text editor. By default, the file is located in the &lt;<i>install</i>&gt;\ReportServer directory. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Locate the &lt;<b>identity</b>&gt; element and set the <b>Impersonate</b> attribute to <b>false</b>. </p>
              <div class="code" xmlns=""><span codeLanguage="other"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left"></th></tr><tr><td colspan="2"><pre>&lt;identity impersonate="false" /&gt;</pre></td></tr></table></span></div>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Locate the &lt;<b>authentication</b>&gt; element and change the <b>Mode</b> attribute to <b>Forms</b>. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Add the following &lt;<b>forms</b>&gt; element as a child of the &lt;<b>authentication</b>&gt; element and set the <b>loginUrl</b>, <b>name</b>, <b>timeout</b>, and <b>path</b> attributes as follows: </p>
              <div class="code" xmlns=""><span codeLanguage="other"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left"></th></tr><tr><td colspan="2"><pre>&lt;authentication mode="Forms"&gt;
   &lt;forms loginUrl="logon.aspx" name="sqlAuthCookie" timeout="60" 
               path="/"&gt;&lt;/forms&gt;
   &lt;/authentication&gt;</pre></td></tr></table></span></div>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Add the following &lt;<b>authorization</b>&gt; element directly after the &lt;<b>authentication</b>&gt; element. </p>
              <div class="code" xmlns=""><span codeLanguage="other"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left"></th></tr><tr><td colspan="2"><pre>&lt;authorization&gt; 
   &lt;deny users="?" /&gt;
&lt;/authorization&gt;</pre></td></tr></table></span></div>
              <p xmlns="">This will deny unauthenticated users the right to access the report server. The previously established <b>loginUrl</b> attribute of the &lt;<b>authentication</b>&gt; element will redirect unauthenticated requests to the Logon.aspx page.</p>
            </content>
          </li></ol></div>
      <h4 class="procedureHeading" xmlns="">To modify the Web.config file for Report Manager</h4><div id="procedureSectionEBBPBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open the Web.config for Report Manager. It is located in the &lt;<i>install</i>&gt;\ReportManager directory. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Disable impersonation by locating the section <b>&lt;identity impersonate= "true" /&gt;</b> and changing it to the following: <b>&lt;identity impersonate="false" /&gt;</b>. </p>
            </content>
          </li></ol></div>
    </content></div><h1 class="heading">Configuring Anonymous Authentication</h1><div id="sectionSection3" class="section"><content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">By default, the Windows user group Guests includes the IUSR_computername account. This account is used to initially log on locally and view the Logon.aspx page. To support Forms Authentication, you must enable anonymous access for the ReportServer virtual directory. By default, anonymous access is disabled.</p>
      <h4 class="procedureHeading" xmlns="">To enable anonymous authentication</h4><div id="procedureSectionEBBNBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">In <b>Internet Information Services</b>, select the ReportServer virtual directory, which is usually a member of the Default Web site, and open its <b>Property</b> tabs. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Click the <b>Directory Security</b> tab. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">In the <b>Anonymous access and authentication control</b> section, click <b>Edit</b>. </p>
              <p xmlns="">The <b>Authentication Methods</b> dialog box appears. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Select the <b>Anonymous access</b> check box. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">
                Click <b>OK</b>. </p>
              <p xmlns="">Repeat the above steps for the Reports virtual directory. </p>
            </content>
          </li></ol></div>
    </content></div><h1 class="heading">Creating the UserAccounts Database</h1><div id="sectionSection4" class="section"><content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">The sample includes a database script, createuserstore.sql, that enables you to set up a user store for the Forms sample in a SQL Server database.</p>
      <h4 class="procedureHeading" xmlns="">To create the UserAccounts database</h4><div id="procedureSectionEBBLBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open SQL Server Management Studio, and then connect to your local instance of SQL Server. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Locate the createuserstore.sql SQL script file. The script file is contained within the sample project files. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Locate "LocalMachine" towards the end of the script and replace it with your own computer name. For Windows 2003 users, replace <code>LocalMachine\ASPNET</code> with <code>NT AUTHORITY\NETWORK SERVICE</code> (except when in IIS 5 compatibility mode). </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Run the query to create the <b>UserAccounts</b> database. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Exit SQL Server Management Studio. </p>
            </content>
          </li></ol></div>
    </content></div><h1 class="heading">Testing the Sample</h1><div id="sectionSection5" class="section"><content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">The following procedure tests the sample extension. You will register an administrator user, which adds the user name, password hash, and salt value to the <b>users</b> table in the <b>UserAccounts</b> database. It also will require you to enter that user name in the Report Server configuration file. You will then log on the same user to ensure the correct operation of the password verification routines as well as the proper loading of the extension assembly by the report server.</p>
      <h4 class="procedureHeading" xmlns="">To create the report project</h4><div id="procedureSectionEFBJBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Restart IIS by running Iisreset.exe at the command prompt. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open Report Manager. You can do this from the Reporting Services program menu or by accessing the Reports virtual directory from your browser. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Enter a user name and password and click <b>Register User</b> to add the user to the <b>accounts</b> database. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open the RSReportServer.config file. Locate the &lt;<b>Security</b>&gt; element and add the previously registered user name as follows: </p>
              <div class="code" xmlns=""><span codeLanguage="other"><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left"></th></tr><tr><td colspan="2"><pre>&lt;Security&gt;
   &lt;Extension Name="Forms" 
Type="Microsoft.Samples.ReportingServices.CustomSecurity.Authorization, 
Microsoft.Samples.ReportingServices.CustomSecurity" &gt;
      &lt;Configuration&gt;
         &lt;AdminConfiguration&gt;
            &lt;UserName&gt;username&lt;/UserName&gt;
         &lt;/AdminConfiguration&gt;
      &lt;/Configuration&gt;
   &lt;/Extension&gt;
&lt;/Security&gt;</pre></td></tr></table></span></div>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Return to the UILogon.aspx page, re-enter the user name and password, and then click <b>Logon</b>. </p>
            </content>
          </li></ol></div>
      <p xmlns="">You should have access to Report Manager and the report server with no restrictions. The administrator user that you create has equivalent permissions on the report server to those of a built-in administrator account on the local computer. For the purpose of this sample, you can only have one user designated as an administrator. Once you have a built-in administrator account, you can register additional users and assign them roles on the report server.</p>
      <div class="alert" xmlns=""><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left">Note: </th></tr><tr><td>
        You should add your administrator user to the official System Administrator and Content Manager (root folder) roles of your report server. This prevents empty security descriptors from existing in the report server database. For more information about the System Administrator and Content Manager roles, see <b>Predefined Roles Overview</b><p></p>
      </td></tr></table><p></p></div>
    </content></div><h1 class="heading">Using the Web Service with Custom Security</h1><div id="sectionSection6" class="section"><content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">You can use the Web service API with Forms Authentication just as you would with Windows Authentication. However, you must call <b>LogonUser</b> in your Web service code and pass the credentials of the current user. In addition, your Web service client will not have the benefit of automatic cookie management, which is provided by Internet Explorer or other Web browsers. You will have to extend the <b>Microsoft.ReportingServices</b> proxy class to include cookie management. This can be done by overriding the <b>GetWebRequest</b> and <b>GetWebResponse</b> methods of the Web service class.</p>
    </content></div><h1 class="heading">Debugging the Sample Extension</h1><div id="sectionSection7" class="section"><content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">Running the sample extension in the debugger is not only a great way to troubleshoot difficulties you may have, but it is also an effective way to step through the code and see the report server authentication and authorization process as it is happening.</p>
      <p xmlns="">The Microsoft .NET Framework provides several debugging tools that can help you analyze the sample code. The following procedure uses Visual Studio 2005 to debug the previous sample.</p>
      <h4 class="procedureHeading" xmlns="">To debug the Forms Authentication sample code</h4><div id="procedureSectionEBBFBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Start Visual Studio .NET and open CustomSecurity.sln on your test report server. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Open Internet Explorer and navigate to Report Manager while leaving the sample code open in Visual Studio. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Switch to Visual Studio and set some break points in the custom security extension project code. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">With the extension project still the active window, from the <b>Debug</b> menu, click <b>Process</b>.</p>
              <p xmlns="">The <b>Processes</b> dialog opens. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">From the list of processes, select the Aspnet_wp.exe process (or W3wp.exe, if your application is deployed on IIS 6.0), and click <b>Attach</b>. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">In the <b>Attach to Process</b> dialog, select the <b>Common Language Runtime</b> program type, and then click <b>OK</b>. For improved debugging performance, make sure that <b>Native</b> is not a selected program type. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">When the sample runs, a logon form appears. Type the user credentials into the logon form and click the <b>Logon</b> button. </p>
              <p xmlns="">Whenever your break points are encountered during processing, the debugger should stop execution at that point. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Step through your code using the F11 key. For more information about using Visual Studio for debugging, see your Visual Studio 2005 documentation. </p>
            </content>
          </li></ol>
          <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
            <div class="alert" xmlns=""><table width="100%" cellspacing="0" cellpadding="0"><tr><th align="left">Note: </th></tr><tr><td>
              Debugging this way requires a lot of resources and processor time. If you run into difficulties, close Visual Studio, reset IIS, and begin again by attaching the CustomSecurity solution to the ASP.NET worker process and logging on to Report Manager.<p></p>
            </td></tr></table><p></p></div>
          </content>
        </div>
    </content></div><h1 class="heading">Removing the Sample Extension</h1><div id="sectionSection8" class="section"><content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
      <p xmlns="">While not generally recommended, it is possible to revert back to Windows Authentication after you have tried out the sample.  </p>
      <h4 class="procedureHeading" xmlns="">To revert to Windows security</h4><div id="procedureSectionEFBDBHA" class="section" xmlns=""><ol><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Restore the following files from your backup copies: Web.config and RSReportServer.config. This should set the authentication and authorization methods for the report server to the default Windows security. This should also remove any entries you made for your extension in the Report Server configuration file. </p>
            </content>
          </li><li>
            <content xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">
              <p xmlns="">Disable anonymous access in Internet Information Services (IIS) for the report server virtual directory. </p>
            </content>
          </li></ol></div>
      <p xmlns="">After the configuration information is removed, your security extension is no longer available to the report server. You should not have to remove any security descriptors that were created while you were running the report server under the sample security extension. The report server automatically assigns the <b>System Administrator</b> role to the BUILTIN\Administrators group on the computer hosting the report server when Windows Authentication is enabled. However, you will have to manually re-apply any role-based security for your Windows users.</p>
      <p xmlns="">Note that reverting back to Windows Authentication after migrating to a different security extension is generally not recommended. If you do, you may experience errors when you attempt to access items in the report server database that have custom security descriptors, but no Windows Authentication security descriptors.</p>
    </content></div><!--[if gte IE 5]>
			<tool:tip element="seeAlsoToolTip" avoidmouse="false"/><tool:tip element="languageFilterToolTip" avoidmouse="false"/><tool:tip element="roleInfoSpan" avoidmouse="false"/>
		<![endif]--></div>
      <div id="footer">
        
			
			© 2007 Microsoft Corporation. All rights reserved.
		</a>
 	
      </div>
    </div>
  </body>
</html>